At the end of March, an international VoIP software company called 3CX with over 600,000 business customers suffered a serious software supply-chain compromise that resulted in both its Windows and macOS applications being poisoned with malicious code. New evidence suggests the attackers, believed to be North Korean state-sponsored hackers, gained access to the company’s network and systems as a result of a different software supply-chain attack involving a third-party application for futures trading.
“The identified software supply chain compromise is the first we are aware of which has led to a cascading software supply chain compromise,” incident responders from cybersecurity firm Mandiant, who was contracted to investigate the incident, said in a report Thursday. “It shows the potential reach of this type of compromise, particularly when a threat actor can chain intrusions as demonstrated in this investigation.”